Selective Forgery of RSA Signatures Using Redundancy

@inproceedings{Girault1997SelectiveFO,
  title={Selective Forgery of RSA Signatures Using Redundancy},
  author={Marc Girault and Jean-François Misarsky},
  booktitle={EUROCRYPT},
  year={1997}
}
We show the weakness of several RSA signature schemes using redundancy (i.e. completing the message to be signed with some additional bits which are fixed or message-dependent), by exhibiting chosen-message attacks based on the multiplicative property of RSA signature function. Our attacks, which largely extend those of DeJonge and Chaum [DJC], make extensive use of an affine variant of Euclid's algorithm, due to Okamoto and Shiraishi [OS]. When the redundancy consists of appending any fixed… CONTINUE READING